From dcf17e6f077ce4479266208f52bc99647c014e76 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Tue, 24 Dec 2024 13:01:45 +0100 Subject: [PATCH] do not render hidden CSRF token forms with autocomplete set to off --- .../Form/Extension/Csrf/Type/FormTypeCsrfExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php index 10367ae5ffe65..1cb2b0342630a 100644 --- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php +++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php @@ -76,7 +76,7 @@ public function finishView(FormView $view, FormInterface $form, array $options): $csrfForm = $factory->createNamed($options['csrf_field_name'], HiddenType::class, $data, [ 'block_prefix' => 'csrf_token', 'mapped' => false, - 'attr' => $this->fieldAttr + ['autocomplete' => 'off'], + 'attr' => $this->fieldAttr, ]); $view->children[$options['csrf_field_name']] = $csrfForm->createView($view);